Open letter: Free State of Bavaria wants to spend billions on Microsoft

While other German states and Europe are increasingly focusing on digital sovereignty, the Bavarian state government is planning a step in the complete opposite direction: The Ministry of Finance's "Future Commission 5.0" wants to convert the entire Bavarian administration to Microsoft 365. Almost one billion euros in license costs would flow to the US company over the course of five years. One billion euros that should actually be invested in Bavarian, German and European software manufacturers. One billion euros of public money that would not be used to promote digital sovereignty, alternatives and data protection in the interests of citizens.

What is special about the Bavarian project: There is no public tender, no transparent examination of alternatives and no involvement of the local IT industry. The lack of data protection is also simply ignored. Anton Carniaux, Microsoft France (Director Public & Legal Affairs), recently stated under oath that Microsoft could not ensure that no data would flow to US authorities. The US CLOUD Act, the Patriot Act and the Foreign Intelligence Surveillance Act oblige US companies to hand over data at the request of US authorities, regardless of where this data is physically located. This point is not given the necessary priority in Bavaria - in the very administration that handles the most sensitive data.

Data protectionists and local authorities are rightly concerned, Bavarian software manufacturers report that they have been neglected, and there is no evidence of a comprehensible market analysis. The planned solution is to be operated "Delos-style", i.e. in German data centers operated by German companies. However, even the planned setup is not secure against unauthorized data access. Moreover, the setup sounds like a German solution, but in reality it means digital dependency on a US technology company, US infrastructure and US law. Anyone who relies on Microsoft is entering into a dependency, the extent of which no one can fully comprehend.

The Bavarian state government's planned decision jeopardizes the state's digital sovereignty, puts data protection on the back burner and ignores the massive security risks associated with dependence on Microsoft. With targeted support for domestic software manufacturers, Bavaria could become a pioneer for digital sovereignty and sustainable IT.

Only in-house solutions that are independent of US cloud services can provide the security and stability that authorities need. Both this realization and these solutions already exist. With Heinlein Support, mailbox, OpenTalk and OpenCloud, the Heinlein Group provides central components for an independent digital infrastructure.

"The Heinlein Group stands for the values that Europe needs now: Responsibility, transparency and technological independence," emphasizes Peer Heinlein, founder and CEO of the Heinlein Group. "It is completely incomprehensible that Bavaria wants to transfer billions in license costs abroad instead of ensuring a sustainable strengthening of local open source software manufacturers and thus digital independence in its own country."

Instead, the aim should be to build digital resilience - through open source, data sovereignty and transparent structures. In line with the motto "public money - public code", for example, sThe federal states of Thuringia and Schleswig-Holstein have already opted for an open source solution for GDPR-compliant video conferencing with OpenTalk. German e-mail providers and cloud services such as mailbox are also used in the federal states. Mecklenburg-Western Pomerania and Thuringiauses, to provide teachers with a secure digital workplace to offer. So there are alternatives to Microsoft

The open letter is addressed to Minister Füracker, Minister Dr. Mehring, Minister President Dr. Söder and can be co-signed by companies and organizations via the Open Source Business Alliance from 27 October 2025.

Link to the open letter

Link to co-sign via OSBA